mfocko/dotfiles
1
0
Fork 0
Code Issues 15 Pull requests Projects Releases Wiki Activity

feat(porkbun): switch to global variables for keys

Browse source 
- Introduce 2 global variables with API keys
- Remove redundant role that only installs one config file used by
  another role
- Use the said global variables within DDNS and Certbot roles
- Create the config file in the role that uses it (Certbot)

Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
Matej Focko 2024-11-12 16:46:34 +01:00
parent 2039bf6570
commit 8454780c92
Signed by: mfocko
SSH key fingerprint: SHA256:icm0fIOSJUpy5+1x23sfr+hLtF9UhY8VpMC7H4WFJP8
8 changed files with 15 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
defaults/main.yml
View file

@ -27,6 +27,11 @@ hashicorp_vault_address: None
# Address of the Vaultwarden instance # Address of the Vaultwarden instance
vaultwarden_address: None vaultwarden_address: None
# Porkbun apikey and secretapikey that are used by Certbot (SSL/TLS renewal)
# and DDNS (updating DNS records)
porkbun_apikey: None
porkbun_secretapikey: None
# Public ID tied to the Yubikey OTP # Public ID tied to the Yubikey OTP
yubikey_token_id: None yubikey_token_id: None

6
roles/certbot/tasks/main.yml
View file

@ -11,6 +11,12 @@
owner: root owner: root
group: root group: root
- name: Create the file with Porkbun secrets
ansible.builtin.template:
src: templates/porkbun.ini
dest: /etc/porkbun.ini
mode: 0600
- name: Install the Porkbun Certbot container definition (quadlet) - name: Install the Porkbun Certbot container definition (quadlet)
ansible.builtin.template: ansible.builtin.template:
src: templates/certbot.container src: templates/certbot.container

2
roles/certbot/templates/porkbun.ini Normal file
View file

@ -0,0 +1,2 @@
dns_porkbun_key={{ porkbun_apikey }}
dns_porkbun_secret={{ porkbun_secretapikey }}

6
roles/ddns/defaults/main.yml
View file

@ -4,9 +4,3 @@ ddns_domain: None
# List of all subdomains on the said domain for which the IP should be set # List of all subdomains on the said domain for which the IP should be set
ddns_subdomains: [] ddns_subdomains: []
# apikey provided by Porkbun
ddns_porkbun_apikey: None
# secretapikey provided by Porkbun
ddns_porkbun_secretapikey: None

4
roles/ddns/templates/ddns.ini
View file

@ -1,4 +1,4 @@
DOMAIN={{ ddns_domain }} DOMAIN={{ ddns_domain }}
SUBDOMAINS={{ ','.join(ddns_subdomains) }} SUBDOMAINS={{ ','.join(ddns_subdomains) }}
APIKEY={{ ddns_porkbun_apikey }} APIKEY={{ porkbun_apikey }}
SECRETAPIKEY={{ ddns_porkbun_secretapikey }} SECRETAPIKEY={{ porkbun_secretapikey }}

6
roles/porkbun/defaults/main.yml
View file

@ -1,6 +0,0 @@
---
# apikey provided by Porkbun
porkbun_key: None
# secretapikey provided by Porkbun
porkbun_secret: None

6
roles/porkbun/tasks/main.yml
View file

@ -1,6 +0,0 @@
---
- name: Create the file with Porkbun secrets
ansible.builtin.template:
src: templates/porkbun.ini
dest: /etc/porkbun.ini
mode: 0600

2
roles/porkbun/templates/porkbun.ini
View file

@ -1,2 +0,0 @@
dns_porkbun_key={{ porkbun_key }}
dns_porkbun_secret={{ porkbun_secret }}